cyberveille.decio.ch

cyberveille.decio.ch

7248 bookmarks
Custom sorting
Il perd 450 francs à cause d'une faille de sécurité des CFF
Il perd 450 francs à cause d'une faille de sécurité des CFF
Découverte d'une faille de sécurité chez CFF et chez CembraPay «Des escrocs ont acheté à mon nom des billets de train pour 450 francs» Lorsque Reto Pfammatter trouve un rappel de paiement dans sa boîte aux lettres, il se pose des questions. Pourquoi doit-il payer plus de 450 francs pour des billets CFF… qu'il n'a jamais achetés! Le Suisse s'est fait usurper son identité avec une arnaque simple.
·blick.ch·
Il perd 450 francs à cause d'une faille de sécurité des CFF
"Ils nous ont contactés via une messagerie cryptée pour obtenir une rançon" : cette cyberattaque rend la vie impossible aux éleveurs
"Ils nous ont contactés via une messagerie cryptée pour obtenir une rançon" : cette cyberattaque rend la vie impossible aux éleveurs
Alors que plusieurs sites internet de collectivités sont victimes de piratages en France, le secteur agricole est, lui aussi, touché. Depuis la nuit du 14 au 15 décembre, la plateforme en ligne permettant l'identification...
·france3-regions.francetvinfo.fr·
"Ils nous ont contactés via une messagerie cryptée pour obtenir une rançon" : cette cyberattaque rend la vie impossible aux éleveurs
Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability
Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability
The jailbreak technique "Bad Likert Judge" manipulates LLMs to generate harmful content using Likert scales, exposing safety gaps in LLM guardrails. The jailbreak technique "Bad Likert Judge" manipulates LLMs to generate harmful content using Likert scales, exposing safety gaps in LLM guardrails.
·unit42.paloaltonetworks.com·
Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability
What We Know About CVE-2024-49112 and CVE-2024-49113
What We Know About CVE-2024-49112 and CVE-2024-49113
In December 2024, two Windows Lightweight Directory Access Protocol (LDAP) vulnerabilities were identified by independent security researcher Yuki Chen: CVE-2024-49112, a remote code execution (RCE) flaw with a 9.8 CVSS score, and CVE-2024-49113, a denial-of-service (DoS) flaw with a 7.5 CVSS score.
·trendmicro.com·
What We Know About CVE-2024-49112 and CVE-2024-49113
Finnish police detain Russian 'ghost fleet' ship crew as cable damage probe continues
Finnish police detain Russian 'ghost fleet' ship crew as cable damage probe continues
The Eagle S is suspected of damaging the Estlink-2 power cable which runs under the Baltic Sea between Finland and Estonia by dragging its anchor along the seabed on Christmas Day. Police in Finland say the crew of a Russia-linked tanker suspected of damaging a power cable under the Baltic Sea have been detained indefinitely. The Eagle S crew consists of 24 people with Finland’s Central Criminal Police imposing movement restrictions on eight.
·euronews.com·
Finnish police detain Russian 'ghost fleet' ship crew as cable damage probe continues
New DoubleClickjacking attack exploits double-clicks to hijack accounts
New DoubleClickjacking attack exploits double-clicks to hijack accounts
A new variation of clickjacking attacks called "DoubleClickjacking" lets attackers trick users into authorizing sensitive actions using double-clicks while bypassing existing protections against these types of attacks. Clickjacking, also known as UI redressing, is when threat actors create malicious web pages that trick visitors into clicking on hidden or disguised webpage elements.
·bleepingcomputer.com·
New DoubleClickjacking attack exploits double-clicks to hijack accounts
DoubleClickjacking: A New Era of UI Redressing
DoubleClickjacking: A New Era of UI Redressing
“Clickjacking” attacks have been around for over a decade, enabling malicious websites to trick users into clicking hidden or disguised buttons they never intended to click . This technique is becoming less practical as modern browsers set all cookies to “SameSite: Lax” by default. Even if an attacker site can frame another website, the framed site would be unauthenticated, because cross-site cookies are not sent. This significantly reduces the risk of successful clickjacking attacks, as most interesting functionality on websites typically requires authentication.
·paulosyibelo.com·
DoubleClickjacking: A New Era of UI Redressing
Cyber attack on Italy's Foreign Ministry, airports claimed by pro-Russian hacker group
Cyber attack on Italy's Foreign Ministry, airports claimed by pro-Russian hacker group
Hackers targeted around ten official websites in Italy on Saturday, including the websites of the Foreign Ministry and Milan's two airports, putting them out of action temporarily, the country's cyber security agency said. The pro-Russian hacker group Noname057(16) claimed the cyber attack on Telegram, saying Italy's "Russophobes get a well deserved cyber response".
·reuters.com·
Cyber attack on Italy's Foreign Ministry, airports claimed by pro-Russian hacker group
New details reveal how hackers hijacked 35 Google Chrome extensions
New details reveal how hackers hijacked 35 Google Chrome extensions
New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven.
·bleepingcomputer.com·
New details reveal how hackers hijacked 35 Google Chrome extensions
U.S. Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security
U.S. Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by…
·krebsonsecurity.com·
U.S. Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security
Ces hackers israéliens qui s’installent à Barcelone
Ces hackers israéliens qui s’installent à Barcelone
Barcelone se mue en “capitale européenne de la cyberguerre”. Depuis un an et demi, “au moins trois équipes renommées d’experts en piratage informatique”, venus d’Israël, se sont installées dans la capitale de la Catalogne, détaille El Periódico de Catalunya. Le journal espagnol s’appuie sur les informations du quotidien de Tel-Aviv Ha’Aretz, qui a publié le 26 décembre un article sur les hackers “délocalisés” d’Israël vers des pays de l’Union européenne, dont l’Espagne.
·courrierinternational.com·
Ces hackers israéliens qui s’installent à Barcelone
China Hacked Treasury Dept. in ‘Major’ Breach, U.S. Says
China Hacked Treasury Dept. in ‘Major’ Breach, U.S. Says
The department notified lawmakers of the episode, which it said was linked to a state-sponsored actor in China. In a letter informing lawmakers of the episode, the Treasury Department said that it had been notified on Dec. 8 by a third-party software service company, BeyondTrust, that the hacker had obtained a security key that allowed it to remotely gain access to certain Treasury workstations and documents on them
·nytimes.com·
China Hacked Treasury Dept. in ‘Major’ Breach, U.S. Says